MGT433: Securing The Human: How to Build, Maintain and Measure a High-Impact Awareness Program

This course has content every employee can use, whether from a large company or small. It has a sound starting point everyone can use.

Donna Hickman, GE Capital Retail Bank

This course is a must for enhancing the overall security posture for any organization.

Pranav Teli, Saudi Aramco

Organizations have invested a tremendous amount of money and resources into securing technology, but little if anything into securing their workforce. As a result, people, not technology, have become the most common target for cyber attackers. The most effective way to secure the human element is to establish a high-impact security awareness program that goes beyond just compliance and changes behaviors and ultimately creates a secure culture. This intense two-day course will teach you the key concepts and skills needed to do just that and is designed for those establishing a new program or wanting to improve an existing one. Course content is based on lessons learned from hundreds of security awareness programs from around the world. In addition, you will learn not only from your instructor, but from extensive interaction with your peers. Finally, through a series of labs and exercises, you will develop your own custom security awareness plan that you can implement as soon as you return to your organization.

You Will Learn:

The Security Awareness Maturity Model and how to leverage it as the roadmap for your awareness program

How to identify and prioritize the top human risks to your organization and the key behaviors that manage those risks

How to effectively engage and communicate with your workforce, including addressing the challenges of different roles, generations and nationalities

How to sustain your security awareness program long term, including advanced programs such as gamification and ambassador programs

How to measure the impact of your awareness program, track reduction in human risk, and communicate the value to leadership

Course Syllabus

MGT433.1: Planning and Building

CPE/CMU Credits: 6

Topics

The five stages of the Security Awareness Maturity Model

The three variables of risk and their role in awareness

Why humans are so vulnerable and the latest methods cyber attackers use to exploit these vulnerabilities

The learning continuum: awareness, training and education

Steps to gaining and maintaining leadership support

How to develop and leverage an effective Advisory Board

B.J. Fogg Behavior Model and how it applies to your overall strategy of changing workforce behavior

Developing a strategic plan based on three key questions: Who, What and How

Who: Identifying the different targets of your awareness program. Whose behaviors do you want to change? NOTE: This section includes an interactive, group lab where you identify and analyze key target groups in your organization

What: Identifying and prioritizing the top human risks to your organization and the behaviors that will most effectively manage those risks. NOTE: This section includes two interactive labs, one conducting a qualitative risk analysis for your organization and a second lab on behavioral management by defining key learning objectives

MGT433.2: Implement and Maintain

CPE/CMU Credits: 6

Topics

How: How will you communicate your program? This includes understanding the cultures within your organization, defining why cyber security is important and the most successful strategies to engage people.

The effective use of imagery, to include imagery within diverse or international environments

Top tips for effective translation / localization

The two different communication methods, primary and reinforcement, and the advantages/disadvantages of each

How to effectively develop and provide instructor-led training (ILT)

How to effectively develop and deploy online / computer based training (CBT)

"MGT433 gives a great view on how to build a full security program." - Eman Al Awadhi, TRA

Author Statement

Having been actively involved in information security for more than 20 years, I have seen one constant factor: people are the weakest link because we fail to properly invest in and secure them. Once trained, your workforce will become your greatest asset, not only in preventing incidents but being able to quickly identify and report them, developing a far more resilient organization. I am extremely excited about MGT433, as we provide organizations with the skills, resources and community they need to build a high-impact security awareness program that will not only change behaviors, but also measure that change.

- Lance Spitzner
